Naming Systems for Onion Services
This is a wiki page to organize knowledge about the various proposed naming systems for Onion Services. This page is meant to be used by researchers and developers interested in this topic.
What Are Naming Systems?
These are systems that map the big random-looking onion addresses into human readable names.
For example, you can imagine the following useful map: debian -> sejnfjrq6szgca7v.onion, so that users can just write debian in their browser instead of having to remember that big string.
Security Properties
Desirable security properties include:
- Anonymous registrations
- Privacy-enhanced queries
- Strong integrity guarantees
- Globally-consistent mappings
- Distributed name management
Proposed Naming Systems
OnioNS
The Onion Name System, a New DNS for Tor Onion Services
Description
OnioNS, pronounced "onions", is a privacy-enhanced and metadata-free DNS for Tor onion services. It is also backwards-compatible with traditional .onion addresses, does not require any modifications to the Tor binary or network, and there are no central authorities in charge of the domain names. OnioNS was specifically engineered to solve the usability problem with onion services. This project was described in the paper "The Onion Name System: Tor-Powered Decentralized DNS for Tor Onion Services", which was accepted into PoPETS 2017. OnioNS also supports load-balancing at a name level. Development currently takes place on Github.
Security Properties
- Anonymous registrations - PGP key is optional, no personal information required
- Privacy-enhanced queries - uses 6-hop circuits
- Strong integrity - server responses are verified with a Merkle tree
- Decentralized control - a random set of 127 periodically-rotating Tor nodes manages names and publishes the Merkle tree root
- Globally-unique domain names with consistent mappings
- Support for authenticated denial-of-existence responses
- Server-server communication uses circuits
- Preloaded with reserved names to avoid phishing attacks
- Uses the latest block in Bitcoin as a CSPRNG
- Resistant to Sybil attacks
- Resistant to computational attacks
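The Merkle-tree checks behind the "strong integrity" and "authenticated denial-of-existence" bullets above, as an added illustration that is not OnioNS's own code: a client recomputes the published root from a name's audit path, and a denial is accepted only when the server proves two lexicographically adjacent leaves that bracket the missing name. The sorted-leaf neighbour technique, the hash domain separation and the sample records are this example's assumptions, not a description of OnioNS's actual format.

```python
import hashlib
from bisect import bisect_left
# Constructed sample mapping (not real OnioNS data); "debian" is the page's own example.
NAMES = {"debian": "sejnfjrq6szgca7v.onion", "riseup": "riseupxxxxxxxxxx.onion",
         "torproject": "torprojectxxxxxx.onion"}  # the other two addresses are placeholders

def leaf_hash(name, onion):  # 0x00 / 0x01 prefixes keep leaves and interior nodes distinct
    return hashlib.sha256(b"\x00" + name.encode() + b"\x00" + onion.encode()).digest()
def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_tree(mapping):
    """Leaves sorted by name, so lexicographic neighbours are adjacent leaves."""
    names = sorted(mapping)
    levels = [[leaf_hash(n, mapping[n]) for n in names]]
    while len(levels[-1]) > 1:
        lvl = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)  # pad odd levels
        levels[-1] = lvl
        levels.append([node_hash(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return names, levels, levels[-1][0]  # root: the single hash on the top level

def audit_path(levels, index):  # server: sibling hash per level, tagged with its side
    path = []
    for lvl in levels[:-1]:
        sib = index ^ 1
        path.append((lvl[sib], "left" if sib < index else "right"))
        index //= 2
    return path

def verify_inclusion(root, name, onion, path):
    """Client: recompute the root; return the leaf index the path implies, or None."""
    h, index = leaf_hash(name, onion), 0
    for k, (sib, side) in enumerate(path):
        h = node_hash(sib, h) if side == "left" else node_hash(h, sib)
        index |= (side == "left") << k  # a left sibling means we were the right child
    return index if h == root else None

def denial_proof(mapping, names, levels, missing):
    """Server: the two sorted neighbours bracketing `missing`, each with an audit path."""
    i = bisect_left(names, missing)
    return [(names[j], mapping[names[j]], audit_path(levels, j))
            for j in (i - 1, i) if 0 <= j < len(names)]

def verify_denial(root, missing, proof):
    """Client: accept only if two proven leaves are adjacent and bracket `missing`."""
    if len(proof) != 2:
        return False
    (n0, o0, p0), (n1, o1, p1) = proof
    i0, i1 = verify_inclusion(root, n0, o0, p0), verify_inclusion(root, n1, o1, p1)
    return i0 is not None and i1 == i0 + 1 and n0 < missing < n1
```

Names that sort before the first or after the last leaf need a single-neighbour proof tied to a signed leaf count, which this example leaves out, so such denials are rejected here.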
Drawbacks
- Users must install the software into the Tor Browser.
- Requires participation from Tor relay administrators.
- Users must trust a selection of Tor relays, Tor directory authorities, and Bitcoin during a query.
Namecoin
Namecoin is a fork of Bitcoin.
Description
Namecoin holds names in a blockchain. Name registration costs a virtual unit, denominated in namecoins.
Security Properties
- Privacy-enhanced queries: full-node clients and FBR-C clients (full block receive for current registrations) do not generate network traffic on lookups
- Globally unique names
- Backed by computational proof-of-work
- Purely distributed control of names (does not rely on Tor directory authorities or Tor relays)
- Authenticated denial-of-existence for full-node clients and FBR-C clients (full block receive for current registrations).
Drawbacks
- It is non-trivial to anonymously acquire Namecoins, which reduces the privacy of domain registration.
- Registrations are only pseudonymous unless Namecoin is used in conjunction with an anonymous blockchain such as Monero; decentralized exchanges between Monero and Namecoin are not yet deployed, so Monero to Namecoin exchanges require some counterparty risk.
- Full-node clients must download the blockchain, which may be impractical for some users, and becomes less usable as transaction volume increases.
- No authenticated denial-of-existence for clients that only download block headers (this can be fixed with a future softfork).
- Doesn't scale: it grows more secure but less usable as it becomes more popular.
GNU Name System (GNS)
Description
GNS uses a hierarchical system of directed graphs. Each user is a node in the graph and manages their own zone.
Security Properties
- Peer-to-peer design.
- Individuals are in charge of name management.
- Resistant to large-scale Sybil attack.
- Resistant to large-scale computational attack.
Drawbacks
- No guarantee that names are globally unique.
- Difficult to choose a trustworthy zone.
- The selection of a trustworthy zone centralizes the system.
Blockstack
Description
Security Properties
Drawbacks
TBB addon that does onion bookmarks
Description
Basically, introduce a workflow where our users are supposed to bookmark their onions so that they remember them next time. A smart addon could do it automatically for the users.
Security Properties
Drawbacks
- Need to keep list (or hashes) of visited onions on the client's machine.
Centralized first-come-first-served name cache run by a dirauth
Description
Just run a NamingAuth on the network where HSes can go and register their names. Clients can query the NamingAuth directly, and can also add alternative naming auths.
A bit like the I2P naming system? (https://geti2p.net/hosts.txt)
Security Properties
- Simple and easy.
Drawbacks
- Centralized
InterPlanetary Naming System
Description
A naming system for IPFS. It could suit .onion too.
Security Properties
To be evaluated.
Drawbacks
To be evaluated.
Files with aliases
Description
Just hosts-like files of alias/address pairs. Widespread in I2P.
Security Properties
- Simple.
- Name resolution is done locally.
Drawbacks
- Centralized.
- Latent (slow to propagate updates).
- Requires trusting everyone involved in making the list.
- Markable: a malicious service can give different users different aliases.